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ABSTRACT 



A device for securing computers is in the form of an internally 
installed computer card. The computer card plugs into an ISA bus slot in a 
PC. The computer card includes a computer interface and microcontroller. 
The microcontroller has inputs for motion, power and tamper sensors and 
communicates with an on board basic input/output system (BIOS) EEPROM 
for storing a BIOS security program and a serial EEPROM for storing security 
parameters and access passwords. The computer card includes a power 
circuit with NiCd batteries and a recharger for operating the device while the 
computer is off. The computer card is given a unique physical device 
address prior to installation. When the computer is powered up. the 
computer card is addressed by the computer during its BIOS start-up 
routine. The internal BIOS security program is then initialized, requiring a 
password before start-up continues. A password hierarchy provides for 
multiple levels of access to the security capabilities. 
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M 5 TH QD AND DEVICE FOR SFrU RING COMPtlTFRS 

1 

This invention relates to 'securing computers and is particularly 
concerned with both physical security of computers and security of data 
stored therein. 



BACKGROUND OF THE INVENTION 

Methods and devices for securing computers are well known. 
Typically, the prior art addresses either physical security of the computer 
through lock or alarm systems or security of data stored on the computer 
through password protection. 

There have been a few proposals that address both physical and data 
security in a single apparatus. For example, Reinke et al, in U.S. Patent 
4.908,608 teach a security device with an alarm device. The software 
program, which activates the alarm device, is used like a kev to enable and 
disable the alarm. Optionally, a password can be established, allowing a 
user owning the password, to enable and disable the alarm device. The 
alarm password entry may prevent unauthorized access to the computer. 
However, the operation of the alarm device depends upon the computer 
being booted. Thus, anyone having knowledge of the presence of such a 
device, could interrupt boot up the computer from the hard drive and 
continue from a disk-drive to edit the AUTOEXEC.BAT and CONFIG.SYS 
files to defeat the password feature. 

In fact any security system relying on the AUTOEXEC.BAT file during 
boot-up of an IBM compatible computer can be circumvented. 

This problem has been recognized in a prior art device. 

McClung et al. in U.S. Patent No. 4.951,249 teach a computer 
security system for protecting the computer software from unauthorized 
use. During boot-up of the computer the scheme replaces the keyboard 
address and diskette address with addresses stored in ROM thereby locking 
out these devices. When unauthorized use of the keyboard or diskette 
insertion are attempted the boot-up routine ignores such and continues into 
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the security program. Because the keyboard is locked out. ,hi 5 device 
requires an additional input device for an authored user to login. A card 
reader is used, together with a personal identification number (PIN, to 
achievo this. Once the correct user has been thereby identified a password 
procedure is used to allow access to the computer. While this system may 
be effective at preventing overriding during boot-up. it requires an add.tion 
input device and user cards. Hence, it is more costly and may require more 
complex administrative support. 

SUMMARY OF INVENTION 

An object of the present invention is to provide an improved method 
and device for securing computers. 

In accordance with an aspect of the present invention there is 
provided a device for securing a computer comprising means for interfacing 
w.th the computer via z bus internal to the computer, means for mon.tcring 
status of the computer and for establishing an alarm condition responsive 
to a change in status, means for powering the device during intervals where 
the computer is in an off state, means for interrupting normal start up of the 
computer during a basic input/cutput system portion thereof, and means for 
accepting a password from a user to continue norma, start up of the 
computer. 

In accorda.ice with another aspect of the present invention there is 
provided a method of securing a computer comprising the steps of prov.ding 
storage for a sxored password, during start-up of the computer upon 
addressing by the computer, initiating a program requesting input of the 
password, comparing the password input to the stored password and 
allowing comp.etion of start-up of the computer to continue if the password 
input matches the password stored. 

In accordance w.th a further aspect of the present invention 'here 
prov-ced a device for securing a computer comprising a microcontroller a 
Pfurahty of security sensors connected to the microcontroller, an alarm 
output connected to the microcontroller, an interface connected to the 
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microcontroller for communicating with an internal bus in the computer, a 
basic input and output system (BIOS) program store connected to the 
microcontroller and the interface, a memory decoder connected to the 
interface, the microcontroller and the BIOS program store, a non-volatile 
store for security parameters and passwords, and a power circuit for 
powering the device during intervals when the computer is off. 

Advantages of the present invention include combining physical 
security of the computer with data security and providing password 
protection that cannot be bypassed by an informed user. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will be further understood from the following 
description with reference to the drawings in which: 

FIG. 1 illustrates, in a block diagram, a computer security device in 
accordance with an embodiment of the present invention; 

FIG. 2a illustrates, in a step chart, the microcontroller software flow 
for the computer security device of FIG. 1; 

FIG. 2b illustrates, in a step chart, the microcontroller tasks for the 
computer security device of FIG. 1; and 

FIGS. 3a - 3e illustrate, in a step chart, a method of securing a 
computer through password verification during booting-up the computer in 
accordance with an embodiment of the present invention, using the 
computer security device of FIG. 1. 

Referring to FIG. 1 there is illustrated in the block diagram a computer 
security device in accordance with an embodiment of the present invention. 
The computer security device includes a computer card 10 having a PC ISA 
bus 12 and two RJ-1 1 jacks 14 and 16. The computer card 10 includes a 
microcontroller 18, a computer sub-circuit 20. an alarm subcircuit 22 and a 
power subcircuit 24. The computer subcircuit 20 includes a PC bus 
interface 30, a nonvolatile memory, serial EEPROM 34, a BIOS program 
EPROM 36. and an address selector 38. The alarm subcircuit 22 includes 
motion/tilt detectors 40 and 42, an alarm relay 44 connected to RJ-1 1 jack 
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16, an input line connected to RJ-1 1 jack 14. In addition the computer card 
includes an internal piezo transducer 50. Optional connection to an external 
alarm monitoring system is provided through the RJ-11 jack 16. A PC 
chassis tamper sensor 54 is connected via the line 46 and optional external 
tampers 56, 58 and 60 are connected serially through the RJ-11 jack 14. 

The microcontroller 18 on the computer card 10 provides secure and 
independent firmware based access control. The microcontroller 18 also 
provides a multi-channel analog to digital converter at a lower cost than 
discrete components. The microcontroller 18 provides the following 
functions: 

• Processing sensor lines as analog levels determining alarm and 
tamper states; 

• Filtering of sensor inputs to provide a measure of false alarm 
rejection; 

• Secure password verification in combination with BIOS 
program; 

• Piezo transducer control, timed alarm blast, warning blast, low 
battery chirp; 

• Read and act on option selection by jumper; 

• Drive external alarm system relay interface; and 

• Power supply monitoring. 

An example of a suitable microcontroller is a Microchip 16C74 
incorporating 4 Kbytes of ROM and 192 bytes of RAM, an onboard 8 input 
8 bit ADC, parallel 8 bit slave port, PWM module, a power up timer, a 
oscillator start-up timer, a watchdog timer, and communications ports. 

The computer subcircuit 20 and the microcontroller 18 handle the 
data security of the computer security device. In the computer subcircuit 
20, the microcontroller 18 communicates with the PC ISA bus 12 via the PC 
bus interface 30. The PC bus interface 30 includes the hardware interface 
to the ISA bus in the computer, that is bus drivers and latches necessary for 
an ISA bus interface. The PC bus interface may be implemented, for 
example by four 74ALS245 octal bus transceivers. 
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The serial EEPROM 34 stores security parameters and passwords for 
secure access to the computer under the control of the microcontroller 18 
and the BIOS EEPROM 36. The serial EEPROM 34 holds the current 
password(s), security parameters associated with each level of password 
and a real time count to support a limitation on password re-try. This 
information is not accessible from the PC bus for security reasons. There 
is no way to read out the password data from the PC under any 
circumstances. An example of a suitable serial EEPROM is a 1024-bit 
Microchip 24LC01 configured as 128x8. 

The BIOS EPROM 36 provides the program used during start-up of the 
computer to require the entry of a correct password and allows changing of 
passwords and security parameters, depending upon the security level of the 
password entered. The BIOS EPROM 36 is memory mapped so that it 
executes upon boot-up of the computer. Its programming requires a basic 
passwc;d entry sequence to be correctly completed before resuming and 
completing the boot-up process. The code supports a password edit 
function. 

Us*ng a BIOS program affords a high level of security because 
execution tf this code cannot be interrupted or bypassed by an informed 
user. The BIOS program allows a hierarchy of several levels of operator, 
each with different capabilities. 

The address selector 38 is used, prior to installation of the computer 
card 10, to assign a computer device address for the computer card 10. 
The computer device address, which must be unique within the computer, 
ensures that \>e comn^Vr card 10 is addressed during the BIOS portion of 
startup of the cr .iputer. The address selector 38 uses a jumper block to 
enable the user to select different card addresses for compatibility with a 
wide variety of computers and configurations. Address decoding may be 
provided by, for example a Generic Array Logic (GAL) device, 16V8, that 
decode the BIOS address into user selectable 4000 H segments starting at 
C8000 H through DC000 H. 

The alarm subcrrcuit 22 provides the alarm sensor inputs to the 
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microcontroller 18. The moliort/tilt sensors 40- and 42 are oriented 
orthogonally to provide for either horizontal or vertical direction of the 
computer. On initialization, the microcontroller 18 senses which switch is 
"on" and which is "off". Any subsequent change in these state results in 
an alarm condition. r he alarm relay 44 is a form C relay contact closure and 
is provided to interconnect the computer card 10 to a locally monitored 
security system. 

Tilt/motion sensors 40 and 42 detect tilting and course movements 
of the PC chassis typical of those experienced during unit relocation, are 
included on the circuit card. Two sensors are planned to detect movement 
conveniently and tilt in two axes, respectively. Sensors 40 and 42 are 
based on a mercury contact switch principle. 

The PC chassis tamper sensor 54 is provided to ensure that access 
to the computer hardware is detected. A combined switch contact-based 
and mercury switch sensor is contemplated. 

Two RJ-1 1 jacks 14 and 16 are accessible at the rear of the computer 
for optional sensor or system interconnections. The first is provided to 
connect to a series string of peripheral tamper sensors for protecting 
keyboard, protector external devices. The second is the interface to an 
external alarm monitoring system. The internal piezo transducer or 
sonale-t device is the main source of alarm indication once a sensor detects 
an alarm condition. 

The power subcircuit 24 includes a battery charger 62, two AA NiCd 
batteries 64 and a step-up converter 66. The battery charger 62 is 
connoted to the +5V power lead of the PC ISA bus 12 and provides a 
charge indicator signal to the microcontroller 18 and power to the NiCd 
batteries 64 and to the step-up converter 66. 

The- battery charger 62 is included to re-charge the NiCd batteries 64 
when the computer is in the AC on state. An example of a suitable battery 
charger is a Benchmarq 2003. 

The step-up converter 66 has a +5V DC output. The + 5V DC 
output powers the alarm card 10 when the computer is in an "off" 
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condition. The piezo or sonalert voltage, provided by a separate 9 V battery 
(not shown in Fig. 1), powers the internal piezo transducer or sonalert when 
the computer is in an "off" condition. The step-up converter 66 provides a 
low battery indication signal to the microcontroller 18. The step-up 
5 converter 66 steps the battery voltage from a nominal 2.4 V up to a higher 
voltage of 5 V for digital component function during AC off operation. It 
does not produce a higher voltage for the piezo transducer or sonalert. 
Many of these devices require higher drive voltages to achieve the full sound 
output level, hence a separate 9 V battery is provide for this purpose. An 
10 example of a suitable step-up converter is a Maxim 856. . 

Two AA NiCd batteries 64 are included in a battery holder on the 
computer card 10 for operation in the powered down state of the computer. 
It is estimated that these batteries would operate the system for one month 
1 5 without recharging. 

The option selector 52 is in the form of option set-up jumpers. These 
jumpers allow set-up of the features and modes of operation of the 
computer security device. Selectable functions may include the following 
features: 

20 • Hardware disable of the different sensor elements when they 

are not used; 

• Long or short time limit on alarm audio (e.g. , 5 min or 30 min.); 

• Silent operation, for those utilizing the alarm system 
interconnect; 

25 • BIOS disable for those wanting only component security, not 

data security; 

• Enable unsuccessful password (5) timeout feature, 30 min 
delay to retry; 

For security reasons, these jumpers are only read by the 
30 microcontroller upon entry of the highest level (Administrator) password, 
thus preventing the possibility of ? user or supervisor disabling the system. 
These features are hardware keyed by the option selector 52 for some 
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installations. Many of these same features are security parameters 
selectable as software options' as described hereinbelow in regard to Figs. 
3a through 3e. 

Operation of the computer security device of Fig. 1 is described with 
reference to Figs. 2a anr" b and 3a through e. 

In operation, the microcontroller 18 when powered up performs 
several actions as represented oy the step chart of Fig. 2a. Once 
operational, the microcontroller 18 performs several tasks as shown in Fig. 
2b. As represented by step 1. the microcontroller 18 periodically measures 
the externa, tamper sensor input. RJ- 11 14 and reports any deviation via the 
piezo trans: freer 50 and the alarm relay 44. An analog to digital converter 
is provided in the microcontroller 18 for analog inputs. The A/D converter 
digitizes alarm sensor input. The sensor input signal is then digitally filtered 
to reject false alarm conditions. As represented by step 2. the 
microcontroller 18. via the analog inputs measures the battery voltages 
under load when the computer is powered up or reset or when instructed to 
do so by the BIOS program. As represented by step 3, the microcontroller 
13, through inputs configured as state change -nterrupts for the 
microcontrolle.. monitors the low battery indication fror> the step up 
converter 66. the tilt/motion sen^rs 40 and 42. and chassis tamper sensor 
54 and reports any deviation via the piezo transducer 50 and the alarm relay 
44. As represented by step 4. the microcontroller 18, via the serial link 32 
checks the status of t.,e serial EE PROM as required, and may correct if 
possible. As represented by step 5. the microcontroller 18. :oads the serial 
EEPROM with default parameters .! instructed to do so by the BIOS program 
or from hardware. 

Referring to Figa. 3a through 3e the-e is illustrated a step chart a 
method of v - ljr i ng a compute, in accordance with an embodiment of the 
present invenuon. The method relies upon password verification during 
booting up of the computer, in particular the basic input output system 
(BIOS) portion thereof, usinj the computer security dev.ee of Fig. 1. 

As desenbed hereinabove, the ogress selector 38 is set to orovide 
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the computer security device,' as embodied in the computer card 10, a 
physical device address for the computer during BIOS boot-up. When the 
computer card 10 is addressed an internal BIOS program, stored in the BIOS 
EEPROM 36 is initiated, as represented by step 1.0 of Fig. 3a. The 
remaining steps of the internal BIOS program are self-explanatory from Figs. 
3a-3e. 

While the present embodiment uses five (5) retries during password 
entry and verification, this number may be chosen to be any desired number. 

Preferably, a hierarchy of password protection is provided. For 
example, a three-level password hierarchy has a user password level, a 
supervisor password level, and an administration password level. Each level 
of password has an associated capability set. For example, the following 
capabilities may be associated with each password level: 

User 

This is a simple access code that, when correctly entered, allows the 
normal processes in the computer boot sequence to complete. This access 
code allows unrestricted use of the computing facilities but maintains the 
integrity of the other security features. The uzer level only allows changing 
the password. In the present embodiment a User password consists of a 
four (4) alphanumeric characters. 

Su pervisor 

Entry of a password defined as supervisory level results in a simple 
text based menu bar appearing. Available functions are: 

• Edit User or Supervisor password 

Disable internal motion and peripheral sensors 

• Enable internal motion and peripheral sensors 

Lists current sensor status, enable, disable, alarm and tamper 
states 



2187855 



- 10 - 

i 

\ 

• Continue boot sequence 

When correctly entered, the internal motion/tilt sensors are disabled, until 
the computer is reset or turned off, at which time the sensors are re- 
enabled. In the present embodiment a Supervisor password consistr of a 
five (5) alphanumeric characters. 
Administrator 

Entry of the Administrator level password results in a text based menu bar 
appearing which has enhanced features. Available functions are: 

• Edit User, Supervisor or Administrator password 

• Disable internal motion & tamper and peripheral sensors 

• Enable internal motion & tamper and peripheral sensors 

• List current sensor status, enable/disable, alarm and tamper 
states 

• View security system diagnostic reports 

Change security parameters, such as number of peripheral 
sensors, enable/disable of warning chirp, low battery chirp, 
password entry and choosing password time-out period, alarm 
duration, menu language 

• Continue boot up sequence 

When correctly entered, the internal motion/tilt sensors are disabled, until 
the computer is reset or turned off, at which time the sensors are re- 
enabled; In the present embodiment a Administrator password consists of 
a six (6) alphanumeric characters. 
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WHAT IS CLAIMED IS: 

1 . A device for securing a computer comprising: 

means for interfacing with the computer via a bus internal to the 
computer; 

5 means for monitoring status of the computer and for establishing an 

alarm condition responsive to a change in status; 

means for powering the device during intervals where the computer 
is in an off state; 

means for interrupting normal start up of the computer during a basic 
10 input/output system portion thereof; and 

means for accepting a password from a user to continue normal start- 
up of the computer. 

2. A device as claimed in claim 1 wherein the means for 
15 monitoring includes means for sensing a plurality of conditions of the 

computer and means for enabling the means for sensing. 

3. A device as claimed in claim 1 wherein the means for 
interrupting normal start-up includes address decoding means for providing 

20 a physical device address to the computer during start-up. 

4. A device as claimed in claim 1 wherein the means for 
interrupting normal start up includes program storage means for storing a 
basic input and output system (BIOS) program whereby addressing of the 

25 device by the computer during start-up initiates the BIOS program. 

5. A device as claimed in claim 1 wherein the means for accepting 
a password includes a non-volatile memory means for storing the password 
to be compared to the password entered by the user. 

30 

6. A device as claimed in claim 5 wherein the non-volatile memory 
means cannot be read by a user of the computer. 
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7. A device as claimed in claifTi 1 whe/ein the means for powering 
includes rechargeable battery meank. 

8. A device as claimed in claim 1 wherein the means for powering 
includes battery charger means. 

.9. A method of securing a computer comprising the steps of: 
providing storage for a stored password; 

during start up of the computer, upon addressing by the computer, 

initiating a program requesting input of the password; 

comparing the password input to the stored password; and 
allowing completion of start-up of the computer to continue if the 

password input matches the password stored. 

10. A method as claimed in claim 9 further comprising the step of 
prompting a user of the computer to change the stored password, prior to 
the step of allowing completion of start-up of the computer. 

11. A method as claimed in claim 9 further comprising the steps of 
providing security .nonitoring sensors and providing storage for security 
parameters for configuring the security monitoring sensors; and 

prompting a user of the computer to change the security parameters 
prior to the step of allowing completion of start-up of the computer. 

1 2. A device for securing a computer comprising: 
a microcontroller; 

a plurality of security sensors connected to the microcontroller; 

an alarm output connected to the microcontrolter; 

an interface connected to the microcontroller for communicating with 
an internal bus in the computer; 

a basic input and output syctem (BIOS) program store connected to 
the microcontroller and the interface; 
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a memory decoder connected to the interface, the microcontroller and 

the BIOS program store; \ 

a non-volatile store for security parameters and passwords; and 
a power circuit for powering the device during intervals when the 

computer is off. 

13. A device as claimed in claim 12 wherein the microcontroller 
includes an analog to digital converter. 

1 4. A device as claimed in claim 1 2 wherein the plurality cl security 
sensors includes a tilt and motion senso r . 

1 5. A device as claimed in claim 1 2 whei ein the plurality of security 
sensors includes a low battery sensor. 

1 6. A device as claimed in claim 1 2 wherein the plurality of security 
sensors includes a battery voltage sensor. 

1 7. A device as claimed in claim 1 2 wherein the plurality of security 
sensors includes a computer chassis tamper sensor. 

1 8. A device as claimed in claim 1 2 wherein the plurality of security 
sensors includes a peripheral tamper sensor. 

19. A device as claimed in claim 12 wherein the alarm output 
includes a piezo transducer. 

20. A device as claimed in claim 12 wherein th3 alarm output 
includes an external alarm system connection. 
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Fig. 2a 
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screen, press any key to 
continue. F1 to change User 
password. F2 to change 
Supervisor password. F3 to 
change Administrator 
password. F4 to change 
security parameters. F5 to 
view Diagnostic Report. F6 to 
test Security system 
If Ft goto 3.0.1, F2goto4.0.1. 
F3 goto 5.0.1. F4 goto 5.1. F5 
goto 5.2. F6 goto 5.3. else 
^rui^uier powers up. internal 
motion sensors disabled 


5.0.1 


Admin, password 
to be changed 


Prompt for new Admin. 
Password 

New Admin password 
entered , 


BIOS displays Admin, 
password screen 

BIOS displays block 
characters 


502 


Invalid 

replacement 

Dasswftrrf 


IOS checks number of 
characters e.g. 6 


If invalid goto 5.0.2 
If valid goto 5 0 3 

BIOS informs user of invalid 
password.return to call point 


5.0.3 


First entry valid 

* 
t 


Verify new password j 

4dmin. password 
e-entered 

3IOS COmoarA*: in 1 
»rst entry | 


BIOS displays Admin, password 

verification screen 

BIOS displays Wock characters 

If invalid goto 5 0 2 
If valid goto 5.0.4 


5.0.4 


Valid new Super. F 
Password r 


>assword stored in 
nonvolatile ROM . 


BIOS displays new password 
accepted. Return to call point 



Fig. 3d 
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Step Status 



5.02 



50.3 



Event 



Invalid 

replacement 

password 



First entry valid Verify new password 



Valid new Super. 
Password 



I Admin, password 
re-entered 

I BIOS compares to 
I first entry 

Password stored in 
nonvolatile ROM 



2 



Security I Obtain current 

Parameters to be L atus 
changed 



To change No. of 
tamper sensors [New number. 

entered 



Security system BIOS displays test 
test requested | me nu Y 



Additional 

features 

requested 



BIOS displays 
[additional feature 
(menu 



Action 



BIOS informs user of invalid 
password.return to call point 

BIOS displays Admin password 
verification screen 

BIOS displays block characters 



If invalid goto 5.0.2 
If valid goto 5.0.4 

BIOS displays new password 
accepted Return to call point 

BIOS displays status and 
instructions: If F7 toggle 
parameter and goto 5. 1 . if F8 
goto 5.U if F9 goto 5.4. if Esc 
goto 5.0 

BIOS prompts for new number 
BIOS checks validity, if valid 
make change and goto 5 1 
If invalid BIOS displays error 
message, then goto 5. 1 

BIOS displays diagnostic report 
If Esc. goto 5.0 

BIOS displays test menu 
Do menu item if selected and 
goto 5 3. if Esc. turn off devices 
and goto 5 0 

BIOS displays additional 
features menu 

Do menu iiem if selected and 
goto 5 4. if Esc goto 5 1 



Fig. 3e 
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